David Jencks wrote:
>
> On Mar 12, 2007, at 1:26 AM, Lasantha Ranaweera wrote:
>
>> Hi Folks,
>>
>> I noticed some in consistencies in the Geronimo console when it comes
>> to Jetty & Tomcat environments while we are creating HTTPS listeners
>> (two different UIs). Tomcat GUI support both PKCS12 and JKS key
>> stores while Jetty only supports JKS (there are some other
>> differences too). Is there any reason behind this kind of change?
>> Can't we use the same GUI for this kind of activity because it will
>> give G user same environment whether it is Tomcat or Jetty ?
>>
>> Also in Tomcat HTTPS listener supports PKCS12 key store type G
>> currently only supports JKS type. Can't we add the PKCS12 in to the G
>> key stores since it is more industry standard when it comes to key
>> stores than JKS? I remembered using bouncy castle as security
>> provider with PKCS12 sometime back without any issues ;-) . Any
>> insight would be greatly appriciated.
>>
>> I would like to spend some of my time on these issues if there is no
>> big technical (also legal) barrier associated with it :-) .
>
> so far I've stayed out of this discussion :-)
>
> There's been discussion of similar issues in
> https://issues.apache.org/jira/browse/GERONIMO-2015. We have to be
> very careful about importing more of the bouncy castle code than we
> already have to avoid potential patent infringement issues.
>
> From a design perspective I would like to see first that our tomcat
> integration uses a keystore gbean like the jetty integration does, and
> then the additional keystore be added. However both of these parts
> would be great from my point of view.
>
> It looks from the jira comments that some people have concerns about
> compatibility across different platforms. Is this taken care of by the
> move to jdk 1.5 in g. 2.0?
>
> thanks
> david jencks
Thanks David for the information as always ;-) . I will start from the
HTTPSListener side since PKCS12 is bit more complicated right now.
Lasantha
>
>
>>
>> Thanks,
>> Lasantha
>>
>
>